Vulmon
ays-pro popup box vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-24458
The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin prior to 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the ad...
Ays-pro Popup Box
6.5
CVSSv2
CVE-2021-24460
The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin prior to 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin d...
Ays-pro Popup Box
NA
CVE-2023-5809
The Popup box WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite se...
Ays-pro Popup Box
NA
CVE-2023-5874
The Popup box WordPress plugin prior to 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite se...
Ays-pro Popup Box
NA
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.
Ays-pro Popup Box
NA
CVE-2023-4390
The Popup box WordPress plugin prior to 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Ays-pro Popup Box
NA
CVE-2023-5343
The Popup box WordPress plugin prior to 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Ays-pro Popup Box
4.3
CVSSv2
CVE-2022-0641
The Popup Like box WordPress plugin prior to 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Ays-pro Popup Like Box